You've learned there are many ways that an attachment can ruin your whole day. If you missed that part, go back to Part 1. Understand the hazards of email attachments. If you've already been there, put your knowledge to work, starting here in Part 2. There are more suggestions in Part 3 -- handling files safely.
Part 2. How to handle attachments safely -- overview
Cardinal rule: Never, ever open an email attachment that you have any doubts about -- even if it's addressed directly to you and comes from someone you know. Always check with the sender directly -- most worms appear to come from someone you know these days -- make sure they intended to send the attachment. Just send them an email and ask what it's all about -- and even then be cautious. If you're satisfied with how they got the file, it's probably OK.
Weed out obviously bogus messages and attachments first
You need to examine messages and attachments as a whole, not separately. Sometimes attachment details -- size, name or extension -- combined with the nature of the message will tell you they're bogus. Usually there's a whiff of something not quite right. If something is fishy, just delete the message, along with the attachment, and get on with your life.
HTML attachments (filename.htm or filename.html) are a special case. Depending on how the message was composed, and on its size, email clients will show some HTML messages as attachments. Others will be displayed directly with no attachment. Either one can have malicious content though. [exceptions]
Many malicious attachments appear to come from a legitimate address, or from someone you know. Be suspicious of any attachment that you were not expecting -- even though it's from someone you know. Be paranoid about attachments from anyone you don't know.
Questions to ask about the ones that remain
I tried to capture the thinking process that I use to deal with messages and attachments by creating this list of questions. I actually don't simply go down the list in order, although that's the way to learn the logic. I more or less ask the questions in parallel. I suggest that you try following the steps explicitly a few times to get a feel for how to think about messages and when to open attachments.
1. Did the person who sent the message struggle with grammar, spelling or punctuation? Yes? Just delete the whole thing -- unless it passes Question 7 below. If not, continue back here at Question 2.
2. Is there anything inconsistent about the message, who it's from, the address it's from, the subject, the kind of attachment, the file name, why you would get such a message, etc.? Yes? Just delete it and get on with your life.
3. Can I live without what this attachment offers, even though I'm curious? Yes? Delete it.
4. Is there something here that's so attractive that I'm willing to take a risk? No? Why are you waiting? Delete it, you'll get over it. Yes? Proceed to Question 5.
5. Does the message appear to come from someone I know? Yes? Well then, it's easy to check to see if and why they sent the attachment, eh? If it checks out, skip ahead to Question 7. If it's not from someone you know, proceed to Question 6.
6. Is the message well written, convincing and reasonable, and do you feel that the attachment is safe enough to risk opening?
   No? I'd just delete the message. If you decide to explore it anyway, proceed (very carefully) to Part 3. Safe file handling. Work your way down the page. You should end up at "Working with files that you don't fully trust". Do not continue to Question 6 on this page. [This is beginning to sound like an income tax form, eh?]
   Yes? Don't do anything yet. You don't know this person from Adam (or Eve as the case may be). Maybe you should go back to Question 3 again. Otherwise, proceed to Part 3. Safe file handling. Work your way down the page. You should end up at "Working with files that you think you can trust".
7. Is everything about the message consistent? Have you received messages exactly like this one before? From the same address, the same person, the same or related subject, the same kind of message, the same kind of attachment? Yes? Go on to the next segment.
   If the answer to Question 7 is no, do not go on to the next segment. Proceed to Part 3. Safe file handling. Work your way down the page. You should end up at "Working with files that you think you can trust".
When you are "sure" the attachment is safe
You can be more relaxed about opening many of the attachments you receive. They'll pass the test clear through Question 7 above. Life is too short to be completely paranoid. Just open the attachment. Some of my examples:
- HTML files attached to newsletters that I receive regularly make up the bulk of "safe" attachments that I receive.
- Personal (not the "forwarded kind") digital pictures from people who send them regularly.
- Software updates from a specific source at a specific time that I know about in advance.
- For some reason, some of my email arrives with the content in a text file (*.txt). You want to be sure these are really text files before you open them.
I've opened many attachments like these examples without a second thought, and have never had a problem.
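One way to confirm that a *.txt attachment is really a text file before opening it, using Python's standard email module. This is an added example, not part of the original page; the function names, the checks chosen and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

def looks_like_text(data: bytes) -> bool:
    """True only if the bytes decode as UTF-8 and hold no binary control bytes."""
    if b"\x00" in data:
        return False
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\t\r\n" for ch in text)

def check_txt_attachments(raw: bytes) -> dict:
    """Map each attachment whose name mentions .txt to a verdict string."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        lowered = name.lower()
        if ".txt" not in lowered:
            continue  # this sketch only covers attachments that claim to be text
        data = part.get_payload(decode=True) or b""
        if not lowered.endswith(".txt"):
            verdicts[name] = "not text: .txt is not the final extension"
        elif not looks_like_text(data):
            verdicts[name] = "not text: binary content behind a .txt name"
        else:
            verdicts[name] = "plain text"
    return verdicts

def build_sample() -> bytes:
    """Constructed message with three attachments (sample data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Files attached.")
    msg.add_attachment("Meeting moved to 3pm.\n", filename="notes.txt")
    binary = b"MZ\x90\x00" + bytes(28)  # constructed bytes, not a working program
    for fname in ("readme.txt", "list.txt.exe"):
        msg.add_attachment(binary, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in check_txt_attachments(build_sample()).items():
        print(f"{name}: {verdict}")
```

The check reads the attachment bytes from the saved message without opening the file in any viewer.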
When you're not sure the attachment is safe
Never simply "double-click" or "right-click > open" an attachment you're not sure of. That will immediately activate any malicious content. If you've decided you want to open it anyway, proceed to Part 3. Safe file handling, and find out how to open it safely.
If the steps above seem too Draconian, there's an alternative that seems to offer nearly the same protection. "Benign" from Firetrust is a program that neutralizes email. It should be more effective than an antivirus program. I've never tried it, but the method seems sound. However, it will only work with normal "POP" email, not with "Web mail".